Protected Passwords: The Key to Web Security in a Mobile Age

This week marks Week 3 of National Cyber Security Awareness Month (NCSAM). A program sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, NCSAM emphasizes our shared responsibility in strengthening the cyber security posture of our workplaces, homes, and digital lives.

The theme of NCSAM’s third week is Connected Communities: Staying Protected While Always Connected.

Activities for this sub-campaign are designed to provide users with tips on how they can protect themselves while surfing the web on their mobile devices. Best practices when it comes to social networking, particularly on social media sites, are also considered.

Our article on security for social networking will follow later this week. For now, we consider how we can securely use our mobile devices to access our online accounts.

Password Security ABCs

Whether on a mobile device or desktop, web security begins with setting up strong, unique passwords to protect each of our online accounts. It is never too late to begin adopting this practice, either. According to Lori MacVittie, evangelist for F5 Networks, educating children about password safety early on can instill in them a lasting security awareness that accompanies them into adulthood:

“Our oldest children were creating per-app, complex, phrase-based passwords for everything in their teens without prompting after years of being reminded to do so, and they continue that practice today. Practicing – and instilling the same practice in children as early as possible – is one of the best ways to protect personal and corporate data from being exposed or stolen. If someone gets your Facebook credentials, it may be embarrassing, but at least they can’t use those same credentials to breach a corporate system or abscond with the balance in your savings account.”

It is important to note that complex, unique passwords do not just protect our accounts; they also help to protect our online access more generally.

For example, Bob Covello, a 20-year technology veteran and information security analyst, is aware of how neighbors can, knowingly or not, exploit your Wi-Fi bandwidth after coming over for dinner and connecting to your network. This threat reveals that passwords, even those that protect our wireless networks, should be updated on a regular basis.

“Home Wi-Fi networks are among the easiest networks to break into,” observes Covello. “It’s important to note, however, that this is not about a malicious hacker waiting to infiltrate your home network; it’s about a simple oversight that could affect your Internet speed. Something as simple as changing the Wi-Fi access password every few months can be a good way to guarantee that the signal you are paying for is truly yours.”

Additional Security Layers for Our Accounts and Mobile Devices

Though you may have created unique, strong passwords, this does not mean that your digital life is now secure. Today’s growing list of breaches and hacks testifies to the fact that malicious actors can compromise people’s login credentials and obtain unauthorized access to their online accounts.

In the shadow of this threat, it is important that we as digital citizens take some additional steps to secure our accounts and mobile devices in the event that our passwords are exposed by attackers.

“The first point of call should be two-step verification,” recommends Richard De Vere, principal consultant for the AntiSocial Engineer Ltd. “This is a massive hindrance to the ‘baddies’. Even if your password is compromised in this scenario, the attackers would require either your unlocked phone or an amazing level of technical ability to gain access to your online accounts.”

De Vere specifically urges users to download Google Authenticator and add as many online accounts that support it as possible, especially email accounts. (NOTE: Each two-step verification process provides the user with a backup code in the event that they misplace their mobile device. These codes, explains De Vere, should be stored somewhere safe and secure.)

“The value of a password, like a key, is what it opens, and the more of your doors one password opens, the more it fetches online on underground markets, and the more damage that can be done.”

Acknowledging these risks, De Vere states that users should turn to a password manager, such as KeePassX, that can remember unique, super long passwords for them. These applications can also be synced across mobile devices, such as KeePassX with iOS (MiniKeePass) or Android (KeePassDroid), for easy mobile access.

Of course, these extra security layers mean little if you happen to lose your phone. This is why we must also take steps to protect our mobile devices. One way we can safeguard our devices is by installing a mobile antivirus solution that comes with a feature that helps users locate their lost phone, such as Lookout Mobile Security.

Then again, as Covello rightly notes, we should be careful about which apps we decide to share our locations with.

“Generally speaking, there is no need for any application to know your location unless it is serving a specific purpose to assist you. While I may occasionally enable my camera to record my location, as a general rule, that feature is turned off. I am much more comfortable manually enabling my camera than accidentally letting the entire world know where I was when I post a photo online.”

Covello recommends that mobile users share their locations only with navigation apps and antivirus solutions such as Lookout. All other apps should be denied this permission.

Conclusion

To stay always connected, you need to adhere to the basics of both password security and mobile security. It is all about implementing multiple layers of protection with respect to your digital life.

This includes creating strong, unique passwords for your accounts; implementing two-factor authentication; and safeguarding your mobile device with an antivirus solution that will allow you to locate it in case it is lost. By following these steps, you can ensure that you are at least partially protected wherever and whenever you go online.